package cn.tedu;

import java.sql.*;
import java.util.Scanner;

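/**
 * Console login demo: reads a username and password from standard input and
 * looks them up in the {@code user} table with a parameterised query.
 */
public class Demo05 {
    /**
     * Credential lookup. Both values are bound as parameters; they are never
     * concatenated into the SQL text.
     */
    private static final String LOGIN_SQL =
            "select id from user where username=? and password = ?";

    /**
     * Prompts for a username and password, then prints whether a matching row exists.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        Scanner scan = new Scanner(System.in);
        System.out.println("请输入用户名：");
        String username = scan.nextLine();
        System.out.println("请输入密码：");
        String password = scan.nextLine();
        // Obtain the connection; try-with-resources closes it on every exit path.
        try (Connection conn = DBUtils.getConn()) {
            if (authenticate(conn, username, password)) {
                System.out.println("登陆成功！！！");
            } else {
                System.out.println("用户名或密码错误");
            }
        } catch (SQLException throwables) {
            // Demo has no logger; the trace goes to stderr, separate from the prompt output.
            throwables.printStackTrace();
        }
    }

    /**
     * Returns whether a row in {@code user} matches the given credentials.
     *
     * <p>The statement and result set are opened in try-with-resources so they are
     * released even when {@code executeQuery} throws.
     *
     * @param conn     open database connection (not closed by this method)
     * @param username value bound to the first placeholder
     * @param password value bound to the second placeholder
     * @return {@code true} if at least one row matched
     * @throws SQLException if preparing or executing the query fails
     */
    private static boolean authenticate(Connection conn, String username, String password)
            throws SQLException {
        // Do NOT build this query by concatenating the inputs into the SQL string: a value
        // containing a quote would change the query's structure (SQL injection). Binding the
        // values through PreparedStatement keeps them as data regardless of their content.
        //
        // NOTE(review): the query compares the supplied password with the stored column
        // verbatim; whether that column holds a password hash cannot be told from here.
        // If it is plaintext, the schema (not this query) is the thing to fix.
        try (PreparedStatement ps = conn.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                // One matching row is enough; the id column itself is not used.
                return rs.next();
            }
        }
    }
}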
